search

cisagov / ScubaGoggles

SCuBA Secure Configuration Baselines and assessment tool for Google Workspace
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal
164 stars 22 forks source link

Run_Rego error #410

Closed serialenabler closed 1 month ago

serialenabler commented 2 months ago

🐛 Summary

Running into a run_rego error when running the gws command

To reproduce

Steps to reproduce the behavior:

  1. scubagoggles gws --subjectemail (redacted)
  2. Then this error occurs

Expected behavior

The output would be done

Any helpful log output or screenshots

Paste the results here:

Running Rego verification for calendar...:  0%|     | 0/10 [00:00<?, ?it/s]ERROR:root:
--- OPA failed to execute from process error ---
 b''
Traceback (most recent call last):
 File "/Users/x/Downloads/Scuba-main/path/to/venv/lib/python3.12/site-packages/scubagoggles/orchestrator.py", line 126, in _rego_eval
  results.extend(product_tests[0])
          ~~~~~~~~~~~~~^^^
KeyError: 0
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
 File "/Users/x/Downloads/Scuba-main/path/to/venv/bin/scubagoggles", line 8, in <module>
  sys.exit(dive())
       ^^^^^^
 File "/Users/x/Downloads/Scuba-main/path/to/venv/lib/python3.12/site-packages/scubagoggles/main.py", line 143, in dive
  Orchestrator(args).start_automation()
 File "/Users/x/Downloads/Scuba-main/path/to/venv/lib/python3.12/site-packages/scubagoggles/orchestrator.py", line 419, in start_automation
  self._rego_eval()
 File "/Users/jx/Downloads/Scuba-main/path/to/venv/lib/python3.12/site-packages/scubagoggles/orchestrator.py", line 128, in _rego_eval
  raise Exception("run_rego error") from exc
Exception: run_rego error
axeljov commented 2 months ago

I received the exact same error running on a brand new Workspace.

axeljov commented 2 months ago

I fixed the issue by downloading the required OPA executable (https://github.com/cisagov/ScubaGoggles/blob/main/docs/installation/OPA.md). I suggest adding a check to make sure the executable is available.

adhilto commented 2 months ago

@axeljov That's a great suggestion. I've created an issue for it: https://github.com/cisagov/ScubaGoggles/issues/412.

@serialenabler, can you confirm if you've downloaded the executable as described here? If so, as it appears you're not running this on Windows, have you marked the file as executable? (e.g., chmod +x opa_darwin_amd64)

adhilto commented 1 month ago

Closing this issue for now. The new feature will be tracked as #412. Feel free to reach out if any additional concerns are identified.